CurveBall aka CVE-2020-0601

Updated: Sep 26, 2021

The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows.

The vulnerability was dubbed CurveBall or “Chain of Fools.” An attacker exploiting it could potentially create their own cryptographic certificates that appear to originate from a legitimate certificate that is fully trusted by Windows by default.

On Monday the 13th of January, Brian Krebs published a blog post saying that he had sources telling him that in the next 24 hours Microsoft would release software updates that would fix a vulnerability in the Windows Crypto API.

True to his word, on the 14th of January, the NSA released a cyber security advisory that disclosed a vulnerability in the Crypto API. This vulnerability allowed an attacker to defeat certificate validation in Windows 10, and it would affect TLS and code signing.

Less than 24 hours later, security researcher Saleem Rashid published a proof of concept on his Twitter account showing a successful “rick roll” using a custom-made CA certificate.

Shortly after this, Ollypwn, aka Oliver Lyak, a security researcher from Denmark, published a proof-of-concept exploit on GitHub for anyone to use. What struck the world was that the exploit consisted of fewer than 10 lines of code and anyone could do it.

For the rest of this blog post I’m going to try to explain how this vulnerability works on a very high level, and point out why this exploit is extremely powerful.

CA Certificates

A CA certificate is part of a signing mechanism in which the certificate authority “vouches” that you are who you claim to be.

These types of certificates are used to sign other certificates, as a form of trust. You have a certificate and you let a well-known certificate authority (CA) sign it. This is used to encrypt your traffic from your device to the destination, and it appears as a padlock in the corner of your browser when using the internet.

It should be noted at this point that the padlock in the browser does not mean the website is safe, as certificates can be purchased extremely cheaply, if not obtained free through 90 day free trials.

Crypt32 verifies CA certificates against those cached in Windows. It works by going through all cached certificates and checking whether the public key of the provided CA certificate matches the public key of any of the cached CA certificates.

The Vulnerability

The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.

Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.

Examples where validation of trust may be impacted include:

  • HTTPS connections

  • Signed files and emails

  • Signed executable code launched as user-mode processes


Rapid adoption of the patch is the only known mitigation at this time. The patch replaced the simple comparison between the issuer and trusted root public key hash with a call to the new function ChainComparePublicKeyParametersAndBytes(), which compares the public key parameters and bytes between the trusted root certificate and the certificate that was actually used to verify the signature on the end certificate. If that comparison fails, CryptVerifySignatureEx() is called to re-verify the signature on the end certificate using the actual trusted root certificate, parameters and all. This catches any crafted root certificates with cryptographic parameters that differ from those on the actual trusted certificate.
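The difference between the key-only cache match and the patched parameters-and-bytes comparison described above, as an added example that is not part of the original post and is not Microsoft's code. The `pubkey_info` struct, the function names, the verdict enum and the sample bytes are all assumptions constructed for illustration, and the pre-patch hash comparison is modeled as a plain comparison of the key bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a root's public key info (hypothetical, not a crypt32 type). */
typedef struct {
    const unsigned char *params; size_t params_len; /* algorithm/curve parameters */
    const unsigned char *key;    size_t key_len;    /* public key bytes */
} pubkey_info;
typedef enum { ROOT_UNTRUSTED, ROOT_TRUSTED, ROOT_REVERIFY } root_verdict;

static int same(const unsigned char *a, size_t an, const unsigned char *b, size_t bn) {
    return an == bn && (an == 0 || memcmp(a, b, an) == 0);
}

/* Pre-patch style lookup as the article describes it: the key alone decides. */
root_verdict classify_key_only(const pubkey_info *p, const pubkey_info *store, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (same(p->key, p->key_len, store[i].key, store[i].key_len))
            return ROOT_TRUSTED;
    return ROOT_UNTRUSTED;
}

/* Post-patch style lookup: parameters and key bytes must both match. A key match with
   other parameters returns ROOT_REVERIFY: re-check the signature with the cached root. */
root_verdict classify_params_and_key(const pubkey_info *p, const pubkey_info *store, size_t n) {
    root_verdict v = ROOT_UNTRUSTED;
    for (size_t i = 0; i < n; i++) {
        if (!same(p->key, p->key_len, store[i].key, store[i].key_len)) continue;
        if (same(p->params, p->params_len, store[i].params, store[i].params_len))
            return ROOT_TRUSTED;
        v = ROOT_REVERIFY;
    }
    return v;
}

/* Constructed sample bytes, not real certificate data. */
static const unsigned char STD_PARAMS[] = {0x06, 0x03, 0x01, 0x02, 0x03};
static const unsigned char ALT_PARAMS[] = {0x30, 0x03, 0xAA, 0xBB, 0xCC};
static const unsigned char ROOT_KEY[]   = {0x04, 0x11, 0x22, 0x33, 0x44};
const pubkey_info STORE[]      = {{STD_PARAMS, sizeof STD_PARAMS, ROOT_KEY, sizeof ROOT_KEY}};
const pubkey_info GENUINE_ROOT = {STD_PARAMS, sizeof STD_PARAMS, ROOT_KEY, sizeof ROOT_KEY};
const pubkey_info ALTERED_ROOT = {ALT_PARAMS, sizeof ALT_PARAMS, ROOT_KEY, sizeof ROOT_KEY};

int main(void) {
    printf("key-only: %d, params+key: %d\n",
           (int)classify_key_only(&ALTERED_ROOT, STORE, 1),
           (int)classify_params_and_key(&ALTERED_ROOT, STORE, 1));
    return 0;
}
```

In this model the signature check itself is left to the caller: `ROOT_REVERIFY` marks the case where the end certificate must be verified again with the cached root rather than the presented one.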

